HEAP: A packet authentication scheme for mobile ad hoc networks

In mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs), it is easy to launch various sophisticated attacks such as wormhole, man-in-the-middle and denial of service (DoS), or to impersonate another node. To combat such attacks from outsider nodes, we study packet authentication in wireless networks and propose a hop-by-hop, efficient authentication protocol, called HEAP. HEAP authenticates packets at every hop by using a modified HMAC-based algorithm along with two keys and drops any packets that originate from outsiders. HEAP can be used with multicast, unicast or broadcast applications. We ran several simulations to compare HEAP with existing authentication schemes, such as TESLA, LHAP and Lu and Pooch’s algorithm. We measured metrics such as latency, throughput, packet delivery ratio, CPU and memory utilization and show that HEAP performs very well compared to other schemes while guarding against outsider attacks.     

Node cooperation in hybrid ad hoc networks

A hybrid ad hoc network is a structure-based network that is extended using multihop communications. Indeed, in this kind of network, the existence of a communication link between the mobile station and the base station is not required: A mobile station that has no direct connection with a base station can use other mobile stations as relays. Compared with conventional (single-hop) structure-based networks, this new generation can lead to a better use of the available spectrum and to a reduction of infrastructure costs. However, these benefits would vanish if the mobile nodes did not properly cooperate and forward packets for other nodes. In this paper, we propose a charging and rewarding scheme to encourage the most fundamental operation, namely packet forwarding. We use "MAC layering" to reduce the space overhead in the packets and a stream cipher encryption mechanism to provide "implicit. authentication" of the nodes involved in the communication. We analyze the robustness of our protocols against rational and malicious attacks. We show that-using our solution-collaboration is rational for selfish nodes. We also show that our protocols thwart rational attacks and detect malicious attacks.     

Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks

An ad hoc network is a group of wireless mobile computers (or nodes), in which individual nodes cooperate by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range. Prior research in ad hoc networking has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, we present attacks against routing in ad hoc networks, and we present the design and performance evaluation of a new secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne prevents attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and also prevents many types of Denial-of-Service attacks. In addition, Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.     

无线Ad hoc网络中基于节点位置的功率控制算法

为了降低无线Ad hoc网络中节点的能量消耗,该文提出了一种基于节点位置的功率控制算法(PCAP)。PCAP算法通过分析节点间的位置关系,建立节点的优化邻居集合,并对路由层报文、MAC层控制报文和其它数据类报文使用不同的功率控制策略。PCAP算法在保证网络连接性的同时能降低网络能量消耗,计算机仿真表明,PCAP算法在MAC层的吞吐量、MAC层丢包、端到端时延等方面取得较好的性能表现。     

Single-Adversary Relaying Attack Defense Mechanism in Wireless Ad Hoc Networks

There have been many security protocols to provide authenticity and confidentiality in wireless ad hoc networks. However, they fail to defend networks against relaying attack in which attacker nodes simply broadcast received packets without compromising any legitimate nodes. Wormhole attack is a representative example of relaying attack, in which a pair of attacker nodes relay received packets to each other and selectively drop them. The wormhole attack is known to ruin routing and communication of a network considerably, however, is not very straightforward to be accomplished due to the pairwise nature. In this paper, we introduce two new types of relaying attack, called teleport and filtering attacks that require a single attacker node only for accomplishment. We describe their accomplishment conditions and impacts on the network performance in a formal manner. We then propose a countermeasure framework against these attacks called Single-Adversary Relaying Attack defense Mechanism (SARAM), which is composed of a bandwidth-efficient neighbor discovery customized for multi-hop environments and neighbor list management combined into an on-demand ad hoc routing protocol. SARAM does not require any special hardware such as location-aware equipments and tight synchronized clocks, thus is cost-efficient as well. We show via ns-2 simulation that the new relaying attacks deteriorate the network performance significantly and SARAM is effective and efficient in defending a network against these attacks.     

Active routing for ad hoc networks

Ad hoc networks are wireless multihop networks whose highly volatile topology makes the design and operation of a standard routing protocol hard. With an active networking approach, one can define and deploy routing logic at runtime in order to adapt to special circumstances and requirements. We have implemented several active ad hoc routing protocols that configure the forwarding behavior of mobile nodes, allowing data packets to be efficiently routed between any two nodes of the wireless network. Isolating a simple forwarding layer in terms of both implementation and performance enables us to stream delay-sensitive audio data over the ad hoc network. In the control plane, active packets permanently monitor the connectivity and setup, and modify the routing state     

Attack-resistant cooperation stimulation in autonomous ad hoc networks

In autonomous ad hoc networks, nodes usually belong to different authorities and pursue different goals. In order to maximize their own performance, nodes in such networks tend to be selfish, and are not willing to forward packets for the benefits of other nodes. Meanwhile, some nodes might behave maliciously and try to disrupt the network and waste other nodes' resources. In this paper, we present an attack-resilient cooperation stimulation (ARCS) system for autonomous ad hoc networks to stimulate cooperation among selfish nodes and defend against malicious attacks. In the ARCS system, the damage that can be caused by malicious nodes can be bounded, the cooperation among selfish nodes can be enforced, and the fairness among nodes can also be achieved. Both theoretical analysis and simulation results have confirmed the effectiveness of the ARCS system. Another key property of the ARCS system lies in that it is completely self-organizing and fully distributed, and does not require any tamper-proof hardware or central management points.     

Secure Neighborhood Creation in Wireless Ad Hoc Networks using Hop Count Discrepancies

A fundamental requirement for nodes in ad hoc and sensor networks is the ability to correctly determine their neighborhood. Many applications, protocols, and network wide functions rely on correct neighborhood discovery. Malicious nodes that taint neighborhood information using wormholes can significantly disrupt the operation of ad hoc networks. Protocols that depend only on cryptographic techniques (e.g, authentication and encryption) may not be able to detect or prevent such attacks. In this paper we propose SECUND, a protocol for creating a SECUre NeighborhooD, that makes use of discrepancies in routing hop count information to detect ??true?? neighbors and remove those links to nodes that appear to be neighbors, but are not really neighbors. SECUND is simple, localized and needs no special hardware, localization, or synchronization. We evaluate SECUND using simulations and demonstrate its effectiveness in the presence of multiple and multi-ended wormholes. Lastly, we present approaches to improve the efficiency of the SECUND process.     

An efficient heterogeneous key management approach for secure multicast communications in ad hoc networks

In a mobile wireless ad hoc network, mobile nodes cooperate to form a network without using any infrastructure such as access points or base stations. Instead, the mobile nodes forward packets for each other, allowing communication among nodes outside wireless transmission range. As the use of wireless networks increases, security in this domain becomes a very real concern. One fundamental aspect of providing confidentiality and authentication is key distribution. While public-key encryption has provided these properties historically, ad hoc networks are resource constrained and benefit from symmetric key encryption. In this paper, we propose a new key management mechanism to support secure group multicast communications in ad hoc networks. The scheme proposes a dynamic construction of hierarchical clusters based on a novel density function adapted to frequent topology changes. The presented mechanism ensures a fast and efficient key management with respect to the sequential 1 to n multicast service.     

移动Ad Hoc网络安全按需路由协议

Ad Hoc网络的安全性问题越来越引起人们的关注,如何确保Ad Hoc网络路由协议的安全成为Ad Hoc研究的一项关键技术。提出一种适用于移动Ad Hoc网络的安全按需源路由协议,利用移动节点之间的会话密钥和基于散列函数的消息鉴别码HMAC一起来验证路由发现和路由应答的有效性。提出的邻居节点维护机制通过把MAC地址和每个节点的ID绑定来防御各种复杂的攻击如虫洞攻击。NS-2仿真表明该协议能有效地探测和阻止针对Ad Hoc网络的大部分攻击。     

Efficient broadcast for wireless ad hoc networks with a realistic physical layer

In this paper, we investigate the low coverage problem of efficient broadcast protocols in wireless ad hoc networks with realistic physical layer models. To minimize energy consumption, efficient protocols aim to select small set of forward nodes and minimum transmission radii. In ideal physical layer model, nodes within forward nodes’ transmission ranges can definitely receive packets; therefore energy efficient protocols can guarantee full coverage for broadcasting. However, in networks with a realistic physical layer, nodes can only receive packets with probability. We present an analytical model to show that the transmission radii used for nodes can be used to establish a tradeoff between minimizing energy consumption and ensuring network coverage. We then propose a mechanism called redundant radius, which involves using two transmission radii, to form a buffer zone that guarantees the availability of logical links in the physical network, one for broadcast tree calculation and the other for actual data transmission. With this mechanism, we extend well-known centralized protocols, BIP and DBIP, and corresponding localized protocols, LBIP and LDBIP. The effectiveness of the proposed scheme in improving network coverage is validated analytically and by simulation.     

Stable routing algorithm for mobile ad hoc networks using mobile agent

Wireless ad hoc networks are growing important because of their mobility, versatility, and ability to work with fewer infrastructures. The mobile ad hoc network is an autonomous system consisting of mobile nodes connected with wireless links. Establishing a path between two nodes is a complex task in wireless networks. It is still more complex in the wireless mobile ad hoc network because every node is no longer as an end node and an intermediate node. In this paper, it focuses on design of connectionless routing protocol for the wireless ad hoc networks based on the mobile agent concept. The proposed model tries to discover the best path taking into consideration some concerns like bandwidth, reliability, and congestion of the link. The proposed model has been simulated and tested under various wireless ad hoc network environments with the help of a different number of nodes. The results demonstrate that the proposed model is more feasible for providing reliable paths between the source and destination with the minimum control message packets over the network. It has delivered more number of packets to the destination over the network. Copyright © 2012 John Wiley & Sons, Ltd.     

ABRP: Anchor-based Routing Protocol for Mobile Ad Hoc Networks

Ad hoc networks, which do not rely on any infrastructure such as access points or base stations, can be deployed rapidly and inexpensively even in situations with geographical or time constraints. Ad hoc networks are attractive in both military and disaster situations and also in commercial uses like sensor networks or conferencing. In ad hoc networks, each node acts both as a router and as a host. The topology of an ad hoc network may change dynamically, which makes it difficult to design an efficient routing protocol. As more and more wireless devices connect to the network, it is important to design a scalable routing protocol for ad hoc networks. In this paper, we present Anchor-based Routing Protocol (ABRP), a scalable routing protocol for ad hoc networks. It is a hybrid routing protocol, which combines the table-based routing strategy with the geographic routing strategy. However, GPS (Global Positioning System) (Kaplan, Understanding GPS principles and Applications, Boston: Artech House publishers, 1996) support is not needed. ABRP consists of a location-based clustering protocol, an intra-cell routing protocol and an inter-cell routing protocol. The location-based clustering protocol divides the network region into different cells. The intra-cell routing protocol routes packets within one cell. The inter-cell routing protocol is used to route packets between nodes in different cells. The combination of intra-cell and inter-cell routing protocol makes ABRP highly scalable, since each node needs to only maintain routes within a cell. The inter-cell routing protocol establishes multiple routes between different cells, which makes ABRP reliable and efficient. We evaluate the performance of ABRP using ns2 simulator. We simulated different size of networks from 200 nodes to 1600 nodes. Simulation results show that ABRP is efficient and scales well to large networks. ABRP combines the advantages of multi-path routing strategy and geographic routing strategy—efficiency and scalability, and avoids the burden—GPS support.     

Threshold password authentication against guessing attacks in Ad hoc networks

Password authentication has been accepted as one of the commonly used solutions in network environment to protect resources from unauthorized access. The emerging mobile Ad hoc network, however, has called for new requirements for designing authentication schemes due to its dynamic nature and vulnerable-to-attack structure, which the traditional schemes overlooked, such as availability and strong security against off line guessing attacks in face of node compromise. In this paper, we propose a threshold password authentication scheme, which meets both availability and strong security requirements in the mobile Ad hoc networks. In our scheme, t out of n server nodes can jointly achieve mutual authentication with a registered user within only two rounds of message exchanges. Our scheme allows users to choose and change their memorable password without subjecting to guessing attacks. Moreover, there is no password table in the server nodes end, which is preferable since mobile nodes are usually memory-restricted devices. We also show that our scheme is efficient to be implemented in mobile devices.     

Invincible AODV to detect black hole and gray hole attacks in mobile ad hoc networks

Today's communication world is majorly driven by mobile nodes that demand wireless systems for their data relay. One such network is mobile ad hoc network, which is a purely wireless network with which communication is feasible instantly without any aid of preexisting infrastructure; due to this magnificent feature, it has a wide variety of applications. Mobile ad hoc network hinges on cooperative nature of the mobile nodes for relaying data. But at the same time, nodes relaying data for others may compromise, leading to various security attacks. Two main security attacks that drastically bring down the performance of mobile ad hoc network are black hole and gray hole attacks. In this paper, we propose 2 versions of invincible Ad hoc On‐Demand Distance Vector protocol to detect black hole and gray hole nodes that have bypassed preventive mechanism during route discovery process. First is the basic version, which is based on node‐to‐node frame check sequence tracking mechanism, and second is the enhanced version, which is based on signed frame check sequence tracking mechanism. They create a deterrent environment addressing all kinds of black and gray hole attacks. They also provide reliable data transmission to all the nonmalicious nodes in the network by using end‐to‐end authentication mechanism. Simulation results show better performance in packet delivery ratio when compared with other contemporary solutions while addressing all kinds of black and gray hole attacks. It shows significant improvement in end‐to‐end delay and normalized routing load over Ad hoc On‐Demand Distance Vector under black hole or gray hole attacks and also shows better throughput and packet delivery ratio than the existing solution.     

Access control in wireless sensor networks

Nodes in a sensor network may be lost due to power exhaustion or malicious attacks. To extend the lifetime of the sensor network, new node deployment is necessary. In military scenarios, adversaries may directly deploy malicious nodes or manipulate existing nodes to introduce malicious “new” nodes through many kinds of attacks. To prevent malicious nodes from joining the sensor network, access control is required in the design of sensor network protocols. In this paper, we propose an access control protocol based on Elliptic Curve Cryptography (ECC) for sensor networks. Our access control protocol accomplishes node authentication and key establishment for new nodes. Different from conventional authentication methods based on the node identity, our access control protocol includes both the node identity and the node bootstrapping time into the authentication procedure. Hence our access control protocol cannot only identify the identity of each node but also differentiate between old nodes and new nodes. In addition, each new node can establish shared keys with its neighbors during the node authentication procedure. Compared with conventional sensor network security solutions, our access control protocol can defend against most well-recognized attacks in sensor networks, and achieve better computation and communication performance due to the more efficient algorithms based on ECC than those based on RSA.     

Adding sense of spatial locality to routing protocols for mobile ad hoc networks

Recently, there has been an increasing interest in mobile ad hoc networks. In a mobile ad hoc network, each mobile node can freely move around and the network is dynamically constructed by collections of mobile nodes without using any existing network infrastructure. Compared to static networks, it faces many problems such as the inefficiency of routing algorithms. Also, the number of control packets in any routing algorithm increases as the mobile speed or the number of mobile nodes increases. Most of the current routing protocols in ad hoc networks broadcast the control packets to the entire network. Therefore, by reducing the number of control packets, the efficiency of the network routing will be improved. If we know where the destination is, we can beam our search toward that direction. However, without using global positioning systems, how can we do this? Define the range nodes as the 1‐hop or 2‐hop neighbors of the destination node. In this paper, we propose using the range nodes to direct our searches for the destination. It can be combined with the existing routing protocols to reduce the control overhead. We show through simulations that AODV and DSR combined with the range node method outperforms the original AODV and DSR routing protocols in terms of control packets overhead. We also show that the delay introduced in find range nodes is insignificant. Copyright © 2006 John Wiley & Sons, Ltd.     

Scalable Routing Protocol for Ad Hoc Networks

In this paper we present a scalable routing protocol for ad hoc networks. The protocol is based on a geographic location management strategy that keeps the overhead of routing packets relatively small. Nodes are assigned home regions and all nodes within a home region know the approximate location of the registered nodes. As nodes travel, they send location update messages to their home regions and this information is used to route data packets. In this paper, we derive theoretical performance results for the protocol and prove that the control packet overhead scales linearly with node speed and as N ^3/2 with increasing number of nodes. These results indicate that our protocol is well suited to relatively large ad hoc networks where nodes travel at high speed. Finally, we use simulations to validate our analytical model.     

Transmission Range Effects on AODV Multicast Communication

As laptop computers begin to dominate the marketplace, wireless adapters with varying bandwidth and range capabilities are being developed by hardware vendors. To provide multihop communication between these computers, ad hoc mobile networking is receiving increasing research interest. While increasing a node's transmission range allows fewer hops between a source and destination and enhances overall network connectivity, it also increases the probability of collisions and reduces the effective bandwidth seen at individual nodes. To enable formation of multihop ad hoc networks, a routing protocol is needed to provide the communication and route finding capability in these networks. The Ad hoc On-Demand Distance Vector Routing protocol (AODV) has been designed to provide both unicast and multicast communication in ad hoc mobile networks. Because AODV uses broadcast to transmit multicast data packets between nodes, the transmission range plays a key role in determining the performance of AODV. This paper studies the effects of transmission range on AODV's multicast performance by examining the results achieved at varying transmission ranges and network configurations.     

Space and network diversity combination for masked node collision resolution in wireless ad hoc network

In wireless ad hoc networks, the traditional carrier sensing multiple access/collision avoidance protocol cannot solve the masked node problem, which affects the network performance greatly. Our proposed collision separation technique overcomes the shortcoming of the IEEE 802.11 request-to-send-clear-to-send handshake by combining the space diversity provided by the antenna array and network diversity provided by the medium access control layer. In this work, the colliding packets caused by masked nodes are not discarded but stored and combined with the selected retransmission packets to separate the data from different nodes. The steady states of the nodes in the network are analyzed via a Markov chain model. The network throughput and delay performance are also investigated. Compared to network assisted diversity multiple access, our proposed method can provide significantly higher throughput and lower delay